Re: [TLS] Eric Rescorla's Discuss on draft-ietf-tls-ecdhe-psk-aead-04: (with DISCUSS and COMMENT)

Joseph Salowey <joe@salowey.net> Wed, 24 May 2017 21:15 UTC

From: Joseph Salowey <joe@salowey.net>
Date: Wed, 24 May 2017 14:14:26 -0700
Message-ID: <CAOgPGoAwn5kfS8GTHw3a5Hgwerrnd735vO-ReGQQBXJtKsf=dQ@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Daniel Migault <daniel.migault@ericsson.com>, Eric Rescorla <ekr@rtfm.com>, tls-chairs <tls-chairs@ietf.org>, The IESG <iesg@ietf.org>, tls <tls@ietf.org>, draft-ietf-tls-ecdhe-psk-aead@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/PQ-La1eWQHvkRx38w5V0u_fu68A>

On Wed, May 24, 2017 at 1:13 PM, Martin Thomson <martin.thomson@gmail.com>
wrote:

> On 25 May 2017 at 00:04, Daniel Migault <daniel.migault@ericsson.com>
> wrote:
>
> > B) It is not true as TLS1.3 enables these cipher suites to be negotiated
> > with TLS1.3.
>
> You can't negotiate the new suites with 1.3, but you can offer them in
> case the server picks 1.2.
>
> Joe's proposal fixes this and other errors.
>
>
> >> You don't anywhere state that TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256
> >> means to use AEAD_AES_128_GCM (and the same for the other
> >> ciphersuites).  I mention this because the order in which the AEAD
> >> algorithms are mentioned is different to the order of the ciphersuites
> >> in the list.
> >>
> >
> > Unless I miss your comment, I believe section 3 already addresses
> > it. If not, please let me know what text you would like to see.
> >
> > """
> > 3.  ECDHE_PSK with AES-GCM and AES-CCM Cipher Suites
> >
> >    The cipher suites defined in this document are based on the AES-GCM
> >    and AES-CCM Authenticated Encryption with Associated Data (AEAD)
> >    algorithms AEAD_AES_128_GCM, AEAD_AES_256_GCM and AEAD_AES_128_CCM
> >    defined in [RFC5116], and AEAD_AES_128_CCM_8 defined in [RFC6655].
> >
> > """
>
> You miss my comment.  This does not prevent someone from deciding that
> TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 should use AEAD_AES_128_CCM_8.
>

[Joe] It seems that a reasonable interpretation of the text is that the
AEAD constructs will pair with the cipher suite that shares the same name.
Do you still think we need to provide an explicit mapping between the two?
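As an added illustration of the explicit mapping under discussion (not code from the draft or from anyone in this thread), the following Python derives the RFC 5116 / RFC 6655 AEAD algorithm and its key, nonce and tag lengths from the cipher suite name itself, and rejects the kind of mis-pairing Martin describes. The four suite names are the ones the draft (later RFC 8442) registers; the helper names are my own.

```python
import re

# Suite-name grammar for the draft's ECDHE_PSK AEAD suites:
# TLS_ECDHE_PSK_WITH_AES_<bits>_<GCM|CCM|CCM_8>_SHA<256|384>
SUITE_RE = re.compile(
    r"^TLS_ECDHE_PSK_WITH_AES_(?P<bits>128|256)_(?P<mode>GCM|CCM_8|CCM)"
    r"_SHA(?P<hash>256|384)$"
)

# AEAD parameters (key, nonce, tag in bytes) from RFC 5116 for the GCM and
# CCM algorithms and from RFC 6655 for AEAD_AES_128_CCM_8.
AEAD_PARAMS = {
    "AEAD_AES_128_GCM":   (16, 12, 16),
    "AEAD_AES_256_GCM":   (32, 12, 16),
    "AEAD_AES_128_CCM":   (16, 12, 16),
    "AEAD_AES_128_CCM_8": (16, 12, 8),
}


def aead_for_suite(name):
    """Return (aead_id, key_len, nonce_len, tag_len, prf_hash) for a suite.

    Raises ValueError for names outside the draft or with inconsistent parts,
    so AES-128-GCM can never be silently paired with AEAD_AES_128_CCM_8.
    """
    m = SUITE_RE.match(name)
    if not m:
        raise ValueError(f"not an ECDHE_PSK AEAD suite from the draft: {name}")
    bits, mode, h = m.group("bits"), m.group("mode"), m.group("hash")
    # AES-256 suites use SHA384 as the PRF hash, AES-128 suites use SHA256.
    if (bits == "256") != (h == "384"):
        raise ValueError(f"key size / PRF hash mismatch in {name}")
    aead = f"AEAD_AES_{bits}_{mode}"
    if aead not in AEAD_PARAMS:
        raise ValueError(f"{name} names an AEAD the draft does not register")
    key_len, nonce_len, tag_len = AEAD_PARAMS[aead]
    return aead, key_len, nonce_len, tag_len, "SHA" + h


def pairing_ok(suite, proposed_aead):
    """True only if proposed_aead is the AEAD the suite name denotes."""
    try:
        return aead_for_suite(suite)[0] == proposed_aead
    except ValueError:
        return False


if __name__ == "__main__":
    for s in ("TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256",
              "TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256"):
        print(s, "->", aead_for_suite(s))
```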